1. Field of the Invention
The present invention is generally related to the field of trusted computing. More particularly, the present invention is related to a system and method for using a trusted-platform-based shared-secret derivation and GSM infrastructure-based enrollment to establish a secure local channel.
2. Description
With network convergence, emerging devices such as, but not limited to, notebooks, personal digital assistants, and other consumer computing devices, will be supporting several network access capabilities, such as, for example, 802.11, 802.16, GPRS (General Packet Radio Service), GSM (Global Systems for Mobile Communications), etc., to the Internet as well as to private corporate networks. However, several credentials such as, for example, user, corporate, or mobile network operator credentials, may remain stored on a subscriber identity module (SIM) or smart card because of their tamperproof features, cryptographic capabilities, take-away factor, or a Mobile Network Operator's business requirements to own part of the SIM/smartcard and to control the enrollment of its functions.
It is therefore critical that such devices have sufficient security when transferring credentials between a SIM/smart card and secure applications running on a Trusted Partition. However, in order to establish a trusted channel between the two entities, both the SIM/smartcard and the trusted application must have some shared security parameters.
Thus, what is needed is a system and method for establishing a trusted channel between a SIM/smart card and a trusted platform. What is also needed is a system and method that establishes the trusted channel by securely enrolling Shared Secrets between the SIM/smartcard and the trusted platform. What is further needed is a system and method that establishes a Shared Secret definition that provides anonymous identification of platform validity and trust.